January 31, 2017

What Is a Cybersecurity Posture?

The world of cybersecurity and cybercrime is rapidly evolving and a new vocabulary is developing to match. A relatively new addition to the cyber-lexicon is the concept of a ‘security posture’ or ‘cybersecurity posture.’ What does this refer to?

The cybersecurity posture of an organisation refers to its overall cybersecurity strength. This expresses the relative security of your IT estate, particularly as it relates to the internet and its vulnerability to outside threats.

Hardware and software, and the policies, procedures and controls through which they are managed, are each part of cybersecurity and can be discussed individually. But to understand the likelihood of a breach, a more holistic approach must be taken and an understanding of the cybersecurity posture developed. This includes not only the state of the IT infrastructure, but also the state of practices, processes, and human behaviours. These are harder to measure but can be reliably inferred from observation.

In the context of managing cybersecurity for organizations, directors and officers must make decisions based on deliberation and a sound appreciation of your overall cybersecurity posture. Understanding individual aspects of your cybersecurity approach is not enough. A holistic approach that quantifies risk and considers the interaction of physical, virtual, and human factors can add great value.

Your cybersecurity posture, combined with the application of analytics, enables you to understand the likelihood of a future breach so that you can:

Take a holistic approach to controls to help determine breach likelihood, rather than reacting to transient factors that don’t accurately reflect risk.

Investigate and control where risk is introduced through suppliers or partners, particularly when they have access to your systems or data.

Determine your risk appetite and establish which risks you will accept, which you will mitigate, and where you can transfer risk to an insurer.

Benchmark your cybersecurity posture against others in your industry, and see whether you are likely to be the first choice for attackers.

Prioritize investments with a more informed point of view on both absolute and relative risks.

Last month, FICO announced that it is offering free subscriptions to the Portrait portal of the FICO® Enterprise Risk Suite, which gives businesses access to their FICO® Enterprise Security Score. The score, a machine learning-based cybersecurity rating service, can show organizations how business partners and cyber insurance underwriters see their network security and can help them benchmark their performance. More information is at http://securityscore.fico.com